Cross Domain Identity Patterns: Transient Federation

A transient federation agreement is a pre-negotiated (trusted metadata exchange) set of contracts (normally bilateral) which enable trusted pairs to recognise each other's identities. The contract may specify user roles, governance, security and verification policies, or specific technical methods. The implementation may utilise a Trust Broker (possibly a third-party credential authority) for validating the…

Identity Management Business Case Drivers for both Customer and Workforce

Developing a business case for identity management is often a challenge because there are not always immediate tangible benefits. Furthermore, the legal or security need to maintain separation between customer and workforce will create overlap between architectures that may necessitate separate business cases. It is therefore important to explicitly align the business case with the…

Moving Away from a Push Model for Enterprise Identity Architecture

The discipline of Enterprise Architecture and an architecture for identity management do not currently have a best practice. The TOGAF discipline of Enterprise Architecture promotes a holistic and systemic view for interoperable systems; these may be supply chains, business processes or identity repositories. The Emerging Architecture of Identity Management argues that identity management is based…

Safe Harbour, Data Privacy and Scottish Independence

The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive which regulates the processing of personal data within the European Union. The criteria for Safe Harbour privacy are incorporated into the Directive…

OAuth Terminology in SAML2

A Resource Server in OAuth is a Service Provider in SAML2.
An Authorization Server in OAuth is an Identity Provider in SAML2.
Thankfully a Client is a User.

I still often say SPIL (SAML2.0 Service Provider Initiated Login) and IDIL (SAML2.0 Identity Provider Initiated Login) on a regular basis. I find RSIL and ASIL harder.

Identity Modelling in a Global Enterprise

How do you define a single identity model for a global enterprise? Arguing for a generalised identity model that connects to a Master Data Management system for a golden record of userIds and roles reminds me of the joke answer to the barber paradox realisation of Russell's Paradox. The barber paradox is: "The barber is a man in…

API Crazy

I am a UK based TOGAF certified enterprise & solutions architect (specialising in Identity Mgmt, integration, payments, security and M2M) with experience primarily in Telco with Vodafone, Nokia, UPC, Qwest, AOL, o2, BT, H3G Australia & Colt. Plus banking experience with Deutsche Bank, insurance experience with Bupa & Chubb, utilities experience with Centrica & Nuon NL and…